JP2005039637A - Image forming device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent a leakage of confidential information included in image data stored in a buffer memory (hard disk) for smoothly performing high-speed image formation processing in an image forming device such as a compound machine. <P>SOLUTION: This image forming device 10 is provided with an image data acquiring part 18 for acquiring image data which has a form of being inputted to an image formation processing part 14 and follows a processing sequence in the image formation processing part 14, an encryption processing part 22 for encrypting the image data acquired by the image data acquiring part 18, a second storing part (buffer memory) 20 for storing the encrypted image data, and a decryption processing part 24 for acquiring the encrypted image data from the second storing part 20 and decrypting the image data. The image data decrypted by the decryption processing part 24 is inputted to the image formation processing part 14. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image forming apparatus such as a copying machine, a printer, a facsimile machine, or a complex machine thereof, and more particularly to an image forming apparatus capable of preventing leakage of confidential data.

  In a conventional image forming apparatus, in order to smoothly execute a high-speed image forming process, an image data buffer memory (generally, a hard disk or its internal memory) handled by the image forming process unit is provided in front of the image forming process unit. Some have a specific area. Here, this type of conventional image forming apparatus will be described. FIG. 7 is a block diagram illustrating a main configuration of a conventional image forming apparatus 50.

  In FIG. 7, the first storage unit 12 (not the buffer memory) generally configured as a hard disk stores document data for each user, image data acquired by image reading means (not shown), and the like. Is stored. Here, the processing target data stored in the first storage unit 12 is generally data in a form (data format) corresponding to the type of application, and can always be processed by the image forming processing unit 14. It is not a form of image data. Further, reading / writing with respect to the first storage unit 12 is controlled by a control unit (for example, CPU) 16. That is, the reading / writing here is performed according to the processing sequence of the control unit 16, but the first storage unit 12 serves as a so-called print queue or print spooler that stores information on each image forming job that has occurred. Since it has a function, it is basically unnecessary to synchronize with the processing sequence of the image forming processing unit 14 at the subsequent stage.

  The image data acquisition unit 18 acquires image data for each output page according to the processing sequence in the image formation processing unit 14 in a form that can be processed by the image formation processing unit 14 in the current image formation job. Specifically, when the processing target data is in a form corresponding to the type of application, the image data acquisition unit 18 converts it into image data handled by the image formation processing unit 14. Also, rotation of the output image (such as outputting a vertical image as a horizontal image), enlargement / reduction, adjustment of the output position, or outputting a plurality of pages in one page (so-called N-up). If requested, the image data acquisition unit 18 acquires image data of each page according to the request from the original processing target data. Further, when output of a plurality of copies, output in each unit (so-called sort), page order rearrangement, or the like is requested, the image data acquisition unit 18 appropriately performs duplication processing or the like and outputs all pages to be output. The image data arranged in the output order is acquired. As an example, when it is requested to sort out the original data consisting of 3 pages of A, B, and C, the total of A, B, C, A, B, C, A, B, and C Nine pages of image data are acquired.

  The image data acquired by the image data acquisition unit 18 in this way is temporarily stored in the second storage unit 20. The second storage unit 20 functions as the buffer memory for smoothly executing high-speed image forming processing, and is generally a separate hard disk from the first storage unit 12 or the same hard disk. It is configured as a separate area delimited within. As for the read / write in the second storage unit 20, the cylinder / head / sector, which is the physical structure of the disc, is directly used in order to achieve high-speed (for example, video rate equivalent) throughput in the image forming processing unit 14. A designating method (CHS method) and a method using serial numbers assigned in advance to all sectors (LBA method) are employed.

  Then, the image forming processing unit 14 (for example, ROS: Raster Output Scanner) performs processing for forming an image based on the image data on a predetermined medium (for example, paper) based on the input image data (raster data). Execute.

  In this type of image forming apparatus, it is not preferable in terms of confidentiality management that data requiring confidentiality remain in the storage unit after the processing is completed. Therefore, for example, in Patent Document 1, after the copy process is completed, confidential data is prevented from leaking by performing a scramble process on the image data stored in the hard disk corresponding to the first storage unit 12. Yes.

JP-A-9-284572

  However, in the image forming apparatus disclosed in Patent Document 1, although the scramble process is performed on the hard disk corresponding to the first storage unit 12 (FIG. 7), the second storage unit 20, that is, a high-speed image is performed. No security measures are taken into consideration for image data stored in the buffer memory for smoothly executing the forming process. When image data including confidential matters remains in the buffer memory, reverse engineering, etc., when replacing the buffer memory at the time of maintenance or when a failure occurs, or when disposing of the image forming device May cause unauthorized acquisition of confidential matters.

  The present invention has been made paying attention to such points, and is an image data stored in a buffer memory for smoothly executing a high-speed image forming process (that is, a form inputted to an image forming processing unit). The main purpose is to maintain confidentiality of the image data according to the processing sequence of the image forming processing means.

  An image forming apparatus according to the present invention includes: an image forming processing unit that forms an image based on input image data on a predetermined medium; and image data in a form that is input to the image forming processing unit. Image data acquisition means for acquiring image data according to the processing sequence in the means, encryption processing means for encrypting the image data acquired by the image data acquisition means, and a buffer for storing the encrypted image data A memory, and decryption processing means for obtaining and decrypting the encrypted image data from the buffer memory, and the image data decrypted by the decryption processing means is input to the image formation processing means. The

  The image forming apparatus according to the present invention preferably further includes key generation means for generating a common key used for encryption processing and decryption processing based on the information related to the image data.

  In the image forming apparatus according to the present invention, it is preferable that a common key that is valid only during a predetermined period is used for the encryption process and the decryption process.

  In the image forming apparatus according to the present invention, it is preferable that the common key includes information capable of determining whether or not it is within an expiration date.

  The image forming apparatus according to the present invention preferably further includes a volatile memory that stores the common key.

  The image forming apparatus according to the present invention further includes a common key storage unit that stores the common key and a key that deletes the common key stored in the common key storage unit when a predetermined deletion condition is satisfied. And an erasing means.

  The image forming apparatus according to the present invention further includes a switching unit that switches between valid / invalid of the encryption processing unit and the decryption processing unit, and when the encryption processing unit and the decryption processing unit are invalid, The image data acquired by the image data acquisition means is preferably stored in the buffer memory without being encrypted.

  As described above, according to the present invention, image data (that is, image data in a form inputted to the image forming processing means is stored in the buffer memory for smoothly executing high-speed image forming processing. Since the image data according to the processing sequence in the image forming processing unit is encrypted and stored, leakage of confidential information included in the image data can be prevented even if there is an unauthorized access to the buffer memory.

  Preferred embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a block diagram illustrating a main configuration of an image forming apparatus 10 according to the present embodiment. The image forming apparatus 10 according to the present embodiment includes the same components as those of the conventional image forming apparatus 50 (FIG. 7) described above. In the following, those constituent elements are given the same reference numerals, and redundant description is omitted.

  As shown in FIG. 1, the image forming apparatus 10 according to the present embodiment includes an encryption processing unit 22 in the preceding stage of the second storage unit (buffer memory) 20 and a decryption processing unit 24 in the subsequent stage. I have. With this configuration, the second storage unit 20 can store encrypted image data. Thereby, even if unauthorized access to the second storage unit 20 is attempted, the risk of being decrypted is extremely low. It should be noted that the encryption processing unit 22 and the decryption processing unit 24 should not reduce the throughput of the image forming process as much as possible. For this purpose, the encryption processing unit 22 and the decryption processing unit 24 are controlled by the control unit (CPU ) In some cases, it may be preferable to configure the device as an element independent of 16 or the like.

  The encryption processing in the encryption processing unit 22 and the decryption processing in the decryption processing unit 24 are preferably performed using a common key (information). The common key is preferably a unique key. For this purpose, a key generation unit 26 is provided, and various kinds of unique information, for example, information on the session (for example, an ID of an image forming job), information on a document as an image forming target (for example, a file name), image forming Information about the target page, information about time (for example, job generation time), information about the image forming apparatus (for example, model number, apparatus ID, hard disk type, hard disk ID, etc.), user of the image forming apparatus or connected apparatus A common key using a known encryption technique based on information related to (source of processing target data) (for example, the ID of the user of the image forming apparatus, the ID of the connected apparatus or its group, etc.), or a combination thereof. May be generated.

  The key storage unit 28 for storing the common key (information thereof) is preferably configured as a volatile memory from the viewpoint of preventing unauthorized acquisition. Further, a key erasure unit 30 may be provided for erasing the stored common key based on the establishment of a predetermined erasure condition (for example, occurrence of a prescribed event such as power-off, elapse of a predetermined time after the occurrence of a job). As a result, the confidentiality of image data is further improved.

  The common key may be a limited time key that is valid only during a predetermined period. Specifically, for example, the key generation unit 26 generates (updates) a common key at a predetermined timing (for example, every predetermined period), and is used when the encryption processing unit 22 executes the encryption process. It may be determined whether or not the common key is valid in terms of time. In that case, if information indicating the expiration date is included in the common key (for example, it is added to a predetermined position of the common key (information)), the information and the current time (process execution time) are displayed when the encryption process is executed. The validity / invalidity can be determined by comparison. Alternatively, a key validity determination unit 32 that determines validity / invalidity of the common key stored in the key storage unit 28 at a predetermined timing independent of the encryption process is provided, and information indicating the determination result in the common key May be included (for example, added at a predetermined position). Note that the control unit 16, the key generation unit 26, the key deletion unit 30, and the key validity determination unit 32 described above can be implemented together in one CPU, or may be configured as separate elements. .

  In addition, a switching unit 34 is provided for switching whether or not to perform encryption processing and decryption processing according to a user's selection or setting, so that encryption processing and decryption processing are not performed unless particularly necessary. Also good. In that case, the image data acquired by the image data acquisition unit 18 is stored in the second storage unit 20 without being encrypted. In this case, as to whether or not to perform the encryption process and the decryption process, as shown in FIG. 3, on the operation panel (or operation screen) 10b of the image forming apparatus 10, for example, a predetermined push button 10c It may be specified (selected) by an operation or the like.

  As shown in FIG. 2, the image forming apparatus 10 according to the present embodiment includes an image forming job (for example, a document 40) generated in a terminal device 38 connected via a communication line (for example, the Internet, an intranet, a LAN, etc.) 36. Print job). Information on the image forming job is transmitted from each terminal device 38 to the image forming apparatus 10 and stored in the first storage unit 12. In the case of such a configuration, whether or not to execute the encryption process and the decryption process is determined when an image output request is made on the user terminal device 38 as shown in FIG. When a formation job is generated, it may be specified (selected) by checking a predetermined check box 38b on the printing condition specifying screen 38a. In that case, the control unit 16 of the image forming apparatus 10 controls the switching unit 34 based on information indicating whether or not the encryption process and the decryption process can be executed, which are included in the information of the image forming job. .

  In the actual image forming apparatus 10, reading / writing of image data with respect to the second storage unit 20 is performed via a system memory (not shown), and the system memory and the second storage unit 20 In some cases, the encryption processing unit 22 and the decryption processing unit 24 are provided in between. However, the system memory is provided in this way for performing protocol conversion and the like, and usually when passing through the system memory. The form (data format) of the image data is not changed. For example, when image forming processing is performed on image data acquired by the image reading unit 10a (FIG. 2) built in or connected to the image forming apparatus 10, the image data is temporarily stored in the system memory. You may make it acquire the image data of the form input into the image formation process part 14 from the image data stored in the system memory. The means for storing the data before and after being processed by the image data acquisition unit 18 including this system memory is volatile except for the second storage unit 20 in which the encrypted image data is stored. Is preferred.

  Next, image forming processing executed by the image forming apparatus 10 will be described with reference to the drawings. FIG. 5 is a flowchart when the key generation unit 26 generates a common key corresponding to each image forming job.

  First, when an image forming job is generated in the image forming apparatus 10 or the terminal device 38, information necessary for executing the job is stored in the first storage unit 12 (or system memory) (step S10). Then, the key generation unit 26 generates a common key as described above (step S11). The generated common key is stored in the key storage unit 28 (step S12).

  As described above, the image data acquisition unit 18 obtains an image from the processing target data of the current image forming job among the processing target data stored in the first storage unit 12 (for example, data according to the application). Image data in a form that is input to the formation processing unit 14 is acquired (step S13).

  When execution of encryption processing and decryption processing is selected for the image forming job, the encryption processing unit 22 uses the common key stored in the key storage unit 28 for the image data acquired in step S13. (Step S14). The encrypted image data is stored in the second storage unit 20 (step S15).

  Image data (encrypted image data) read from the second storage unit 20 at a predetermined timing (timing for executing image formation processing) is stored in the decryption processing unit 24 by the common key (key storage unit). The common key stored in 28 is decrypted (step S16). The decoded image data is sent to the image formation processing unit 14 where the image formation processing is executed (step S17). The common key stored in the key storage unit 28 is deleted at a predetermined timing after the image forming process is completed (step S18).

  FIG. 6 is a flowchart when the common key is a limited-time key. First, when an image forming job is generated in the image forming apparatus 10 or the terminal device 38, information necessary for executing the job is stored in the first storage unit 12 (or system memory) (step S20). Next, as described above, the image data acquisition unit 18 uses the processing target data of the current image forming job from the processing target data stored in the first storage unit 12 (for example, data in a form according to the application). Then, the image data in the form input to the image formation processing unit 14 is acquired (step S21).

  When performing the encryption process, the encryption processing unit 22 acquires a time-limited key from the key storage unit 28, and determines the validity by comparing the expiration date of the acquired time-limited key with the current time. (Step S22). When the limited-time key is not valid, the key generation unit 26 is instructed to update the limited-time key. Then, the key generation unit 26 generates a time-limited key based on the information indicating the current time and the setting of the valid period, and stores this in the key storage unit 28 (step S23). In step S22, when there is no time limited key in the key storage unit 28, the key generation unit 26 generates a new time limited key in step S23.

  The encryption processing unit 22 encrypts the image data acquired in step S21 using the valid time-limited key thus obtained (step S24). The encrypted image data is stored in the second storage unit 20 (step S25). Then, the image data (encrypted image data) read from the second storage unit 20 at a predetermined timing (timing for executing the image forming process) And is decoded (step S26). The decoded image data is sent to the image formation processing unit 14 where the image formation processing is executed (step S27). Note that the limited-time key stored in the key storage unit 28 is also erased at a predetermined timing (for example, when the image forming process is not performed for a predetermined period) after the image forming process is completed (step S28).

1 is a block diagram illustrating an example of a main configuration of an image forming apparatus according to an embodiment of the present invention. 1 is a diagram illustrating an example of a communication network to which an image forming apparatus and a terminal device according to an embodiment of the present invention are connected. FIG. 3 is a diagram illustrating an example of an operation panel of the image forming apparatus according to the embodiment of the present invention. It is a figure which shows an example of the printing condition designation | designated screen output with a terminal device. 3 is an example of a flowchart of an image forming process in the image forming apparatus according to the embodiment of the present invention. It is another example of the flowchart of the image formation process in the image forming apparatus concerning embodiment of this invention. FIG. 10 is a block diagram illustrating a main configuration of a conventional image forming apparatus.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 Image forming apparatus, 10a Image reading part, 10b Operation panel, 10c Push button, 12 1st memory | storage part, 14 Image formation process part, 16 Control part, 18 Image data acquisition part, 20 2nd memory | storage part (buffer memory) ), 22 encryption processing unit, 24 decryption processing unit, 26 key generation unit, 28 key storage unit, 30 key deletion unit, 32 key validity determination unit, 34 switching unit, 38 terminal device, 38a printing condition designation screen, 38b Check box, 40 documents.

Claims (7)

Image forming processing means for forming an image based on the input image data on a predetermined medium;
Image data acquisition means for acquiring image data in a form that is input to the image formation processing means and following a processing sequence in the image formation processing means;
An encryption processing means for encrypting the image data acquired by the image data acquisition means;
A buffer memory for storing the encrypted image data;
Decryption processing means for obtaining and decrypting encrypted image data from the buffer memory;
With
An image forming apparatus, wherein the image data decoded by the decoding processing means is input to the image forming processing means.   The image forming apparatus according to claim 1, further comprising a key generation unit configured to generate a common key used for encryption processing and decryption processing based on information about the image data.   The image forming apparatus according to claim 1, wherein a common key that is valid only during a predetermined period is used for the encryption process and the decryption process.   The image forming apparatus according to claim 3, wherein the common key includes information that makes it possible to determine whether the common key is within an expiration date.   The image forming apparatus according to claim 2, further comprising a volatile memory that stores the common key. And a common key storage means for storing the common key;
Key erasure means for erasing the common key stored in the common key storage means when a predetermined erasure condition is satisfied;
The image forming apparatus according to claim 2, further comprising: Furthermore, a switching means for switching between valid / invalid of the encryption processing means and the decryption processing means is provided,
When the encryption processing means and the decryption processing means are invalid, the image data acquired by the image data acquisition means is stored in the buffer memory without being encrypted. apparatus.